Getting Swiped with a No-Swipe Credit Card

The latest tech scare, real or imagined, is hitting RFID (radio frequency identification) technology, specifically the type used in new credit cards and keychains from MasterCard, Exxon, Visa, and your local bank.

It seems these cards, which let you buy everything from gas and sandwiches to subway tokens with a simple wave over a sensor, are vulnerable to hostile scans by evil-doing passers-by, according to recent findings by University of Massachusetts researchers. The cards can be scanned up to several feet away and through wallets, so presumably someone could extract your credit card information by just standing next to or near you. Or could they? According to some of the companies that distribute these cards, it's a lot harder to pull off these types of invasions in public than in a lab.

My own experience with RFID is that it doesn't make for a very seamless scan process. When I attended the 3GSM conference in Barcelona earlier this year, I had to wait in line along with dozens of other disgruntled trade show attendees as show workers scanned each of our badges as we entered a new hall. (They were trying to keep track of where everyone went). But the scan process was slow and required obvious, hands-on movements, so I wonder how an actual thief would get away with trying to scan you in public without getting caught. Again, we're talking real-word situations, not labs.

I've been obsessed with cashless transactions conducted by RFID wireless technology in Japan for a few years now, so I got excited when my PayPass keychain arrived from my bank, promising me easy payment at drugstores, gas stations, sub shops, and the New York City subway. I quickly attached my keys to it and proceeded to tap it against readers at the few-and-far-between checkout counters I could find.

It worked pretty well, but security or no security, I couldn't use it at many places besides Burritoville, McDonald's, and my local drugstore. And all transactions over $25 required a signature, anyway, so where's the convenience in that?

I'm still wondering whether the time saved is really worth carrying around a cumbersome keychain when I can just use my non-RFID credit card. Sure, it requires a swipe and a signature, but it pretty much works everywhere.

Last week I lost my keys, and with it, the PayPass. To get a new one, I'd have to cancel my whole credit card—my bank couldn't just replace the keychain. All in all, a mysterious non-time-saving technology that's more of a hassle than it's worth. Put RFID technology in my cell phone or implant it in my hand or wherever—then it might actually make a difference, for better or worse.

Does anyone have any positive or negative experiences with these sorts of RFID credit cards or keychains?